Research and development team
Creating cutting-edge, open-source security tools that advance operational tradecraft for the security industry and provide clients with more realistic adversary simulations.
Finding creative solutions to solve the world’s most difficult security problems
Improving the security and privacy of data and systems internally and for the broader security community requires a deep commitment to innovation. It’s through our research and development team that we’re able to develop new research, create security tools, and publish technical artifacts that contribute to the continuous improvement of the offensive security space.
Join our team of innovators.
Ready to solve some of the world's toughest cybersecurity challenges? Explore our open positions.
Stay a step ahead.
Follow our R&D team on Twitter to hear about our latest projects and tools.
Featured tools
ERC
ERC is an open-source Windows exploit development framework, available on GitHub as a .NET library (ERC.Net) and as an x64dbg plugin (ERC.Xdbg).
iOS 11 Jailbreak
For iOS 11.1.2 (15B202) – if you don’t have this exact version, it won’t work for you.
Key tools and findings
IP_Sampler
Give the script a newline-separated list of subnets; it scans each subnet for live hosts and writes a configurable percentage of randomly chosen live IPs from each subnet to SampleIPs.txt.
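The sampling logic described above, as an added example in Python (not the IP_Sampler script itself): subnets are parsed with the standard `ipaddress` module, a pluggable `is_alive(ip)` probe decides liveness, and a fixed percentage of the live hosts in each subnet is picked at random, with at least one host kept per subnet that has any live hosts so that small subnets are never silently dropped. The `ping_probe` function, the `seed` parameter and the constructed `DEMO_SUBNETS`/`demo_alive` pair are assumptions made for this example; the demo runs offline by pretending that even last octets answer.

```python
"""Sample a percentage of live hosts per subnet (added example, not the IP_Sampler code)."""
import ipaddress
import random
import subprocess


def ping_probe(ip: str) -> bool:
    """Real liveness check: one ICMP echo with a 1 s timeout.
    Assumption: Linux iputils flags; other platforms need different options.
    Not used by the offline demo below."""
    res = subprocess.run(["ping", "-c", "1", "-W", "1", ip],
                         stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return res.returncode == 0


def sample_live_ips(subnet_lines: str, is_alive, percent: float, seed=None) -> list[str]:
    """For each subnet in the newline-separated text, probe every host with
    is_alive(ip) and return `percent` of the live ones, chosen at random.
    Blank lines and '#' comments are skipped; a subnet with live hosts always
    contributes at least one address. `seed` makes the choice reproducible."""
    if not 0 < percent <= 100:
        raise ValueError("percent must be in (0, 100]")
    rng = random.Random(seed)
    sampled = []
    for line in subnet_lines.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        net = ipaddress.ip_network(line, strict=False)  # tolerate host bits set
        live = [str(h) for h in net.hosts() if is_alive(str(h))]
        if not live:
            continue
        k = max(1, round(len(live) * percent / 100))
        sampled.extend(rng.sample(live, k))
    return sampled


def write_sample(ips: list[str], path: str = "SampleIPs.txt") -> int:
    """Write one IP per line and return how many were written."""
    with open(path, "w") as fh:
        fh.write("\n".join(ips) + ("\n" if ips else ""))
    return len(ips)


# Constructed offline demo input: two documentation subnets, one comment line.
DEMO_SUBNETS = "192.0.2.0/28\n# comment lines are ignored\n198.51.100.0/29\n"


def demo_alive(ip: str) -> bool:
    """Constructed stand-in for a probe: even last octets 'answer', odd do not."""
    return int(ip.rsplit(".", 1)[1]) % 2 == 0


if __name__ == "__main__":
    picks = sample_live_ips(DEMO_SUBNETS, demo_alive, percent=20, seed=7)
    print(picks)
    write_sample(picks)
    # For a real run: sample_live_ips(open("subnets.txt").read(), ping_probe, 10)
```

Swap `demo_alive` for `ping_probe` (or a TCP connect probe, which is often more reliable where ICMP is filtered) to run it against real ranges; keep the probe timeout short, since a /16 with mostly dead hosts is dominated by timeouts.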
The dangers of client probing on Palo Alto firewalls
Gain a better understanding of the risks associated with User-ID and the particularly dangerous Client Probing option within it.
ERC.Net
Used for debugging Windows application crashes. ERC.Net supports 64- and 32-bit applications; parses DLL/EXE headers; identifies compile time flags (ASLR, DEP, SafeSEH); generates non-repeating patterns and platform-specific egg hunters; and more.
ERC.Xdbg
Assists in the exploit development process with an x64dbg plugin built around the ERC library.
Fuzzing: common tools and techniques
Fuzzing is a software testing methodology, applied from a black- or white-box perspective, that feeds deliberately malformed inputs to an application in order to surface crashes and error-handling failures that could be developed into a compromise.
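A minimal mutation-based fuzzer, added here as an example and not taken from the article or tools above: the target `parse_records` is a constructed length-prefixed record parser with two deliberate bugs (an unchecked header read and a division by the payload length), the fuzzer mutates a valid seed with bit flips, "interesting" byte overwrites, insertions and deletions, treats the parser's documented `ValueError` rejection as expected, records the first input for every other exception class, and greedily shrinks each finding. All function names, the seed bytes and the mutation mix are choices made for this example.

```python
"""Mutation fuzzer against a constructed, deliberately fragile parser (added example)."""
import random


# ---- Target (constructed for this example) --------------------------------
# Wire format: records of a 2-byte big-endian length followed by that many
# payload bytes. Malformed input is supposed to be rejected with ValueError;
# any other exception escaping the parser is a bug the fuzzer should find.
def parse_records(data: bytes) -> list[bytes]:
    records = []
    pos = 0
    while pos < len(data):
        # Bug 1: no bounds check on the header read, so one trailing byte
        # raises IndexError instead of the documented ValueError.
        length = (data[pos] << 8) | data[pos + 1]
        pos += 2
        payload = data[pos:pos + length]
        if len(payload) != length:
            raise ValueError("truncated record")  # documented rejection path
        # Bug 2: a zero-length record divides by zero in this "integrity" check.
        mean_byte = sum(payload) // len(payload)
        records.append(payload)
        pos += length
    return records


SEED = b"\x00\x03abc\x00\x02hi"  # one valid input to mutate from (constructed)

# ---- Fuzzer ---------------------------------------------------------------
INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)  # boundary values worth trying


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random byte-level mutations (bit flip, interesting-value
    overwrite, insertion, deletion) to a copy of the seed."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and data:
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif op == 1 and data:
            data[rng.randrange(len(data))] = rng.choice(INTERESTING)
        elif op == 2:
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
        elif op == 3 and len(data) > 1:
            del data[rng.randrange(len(data))]
    return bytes(data)


def crash_class(target, case: bytes):
    """Return the exception class `target` raises on `case`, or None."""
    try:
        target(case)
    except Exception as exc:
        return type(exc)
    return None


def fuzz(target, seeds, iterations=2000, expected=(ValueError,), seed=1):
    """Run `iterations` mutated cases; keep the first input for each
    unexpected exception class. Expected rejections are not findings."""
    rng = random.Random(seed)  # fixed seed: reproducible campaign
    findings = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        cls = crash_class(target, case)
        if cls is not None and not issubclass(cls, expected):
            findings.setdefault(cls, case)
    return findings


def minimize(target, case: bytes, cls) -> bytes:
    """Single-pass greedy reducer: drop one byte at a time as long as the
    same exception class is still raised (cheap, not globally minimal)."""
    i = 0
    while i < len(case):
        candidate = case[:i] + case[i + 1:]
        if crash_class(target, candidate) is cls:
            case = candidate
        else:
            i += 1
    return case


if __name__ == "__main__":
    for cls, case in fuzz(parse_records, [SEED]).items():
        small = minimize(parse_records, case, cls)
        print(f"{cls.__name__}: {case!r} -> minimized {small!r}")
```

The point to carry over to real targets is the split between expected and unexpected failures: a parser that rejects bad input with its documented error is behaving, while any other exception, signal or hang is a finding. Production fuzzers such as AFL++ or libFuzzer add coverage feedback to choose which mutants to keep, but the mutate/run/triage/minimize loop is the same.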
The basics of exploit development
Learn how an exploit is built for a 32-bit Windows application vulnerable to a buffer overflow, using x64dbg and the associated ERC plugin.
Internet of Things
See how easy it was for hackers to attempt to cause life-threatening harm by weaponizing one of today’s increasingly common and cheap devices: a 3D printer.
NPK
Built from serverless components in AWS and designed for easy deployment, NPK brings high-power hash-cracking to everyone.
HashBot
Send hashes to hashcat to be cracked with this Willie module. As soon as a hash is cracked, HashBot PMs the invoker with the cracked hash and plaintext.
Pymetasploit3
A full-fledged Python3 Metasploit automation library that can interact with Metasploit through msfrpcd or the msgrpc plugin in msfconsole.
Executing Meterpreter on Windows 10
Windows Defender blocks Metasploit's Web Delivery module. Learn an alternate way to reach the same goal without dropping files on the host, with more options depending on which ports can egress the network.
PowerShell: in-memory injection using certUtil.exe
Use PowerShell, Invoke-CradleCrafter, and Microsoft's certutil.exe to craft a payload and a one-liner that evade Windows Defender, with tips on avoiding intrusion detection systems and behavioral analysis.
Twittor
A stealthy Python-based backdoor that uses Twitter direct messages as a command-and-control service.
Reverse engineering and patching with Ghidra
Delve into reverse engineering and patching software using the open-source NSA tool Ghidra, which rivals expensive competitors (e.g., IDA Pro) in value and ease of use.
SQLinator
Use mitmproxy to intercept all HTTP traffic and automatically forward HTTP GET and POST requests to SQLMap's API to test for SQLi and XSS.
AnomalousCookie.py
Auto fuzz cookies to detect weaknesses that can lead to additional vulnerabilities and create screenshots.
Java Deserialization Exploits
Explore a collection of curated Java deserialization exploits.
The right way to test JSON parameters with Burp
Discover a Burp trick that helps find command execution and many SQL injection instances in applications that pass parameters as JSON.
Carvajal
Helper functions for describing AWS infrastructure. Intended for writing tests, Carvajal can also monitor and audit. Its Terraform helpers look up variables, data sources, and other Terraform objects.
Compliance testing
Get real-life lessons you can apply to your security program from our pen tester who found two zero-days and used them to break a system, starting from no access at all.